Mozilla Foundation Security Advisory 2006-50

JavaScript engine vulnerabilities

Description

Continuing our security audit of the JavaScript engine, Mozilla developers
found and fixed several potential vulnerabilities.

Igor Bukanov and shutdown found additional places where an untimely
garbage collection could delete a temporary object that was in active use
(similar to MFSA 2006-01 and MFSA 2006-10). Some of these may allow an
attacker to run arbitrary code given the right conditions.

Georgi Guninski found potential integer overflow issues with
long strings in the toSource() methods of the Object, Array and String
objects as well as string function arguments.
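
The class of defect described above, shown as an added illustration of a length check for a routine that builds a quoted source form of a string. This is not Mozilla's code: the function names, the 32-bit size type and the six-byte worst-case escape are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed worst case for this sketch: each 16-bit input unit becomes a
   six-byte \uXXXX escape, plus two quote characters and a terminating NUL. */
#define EXPANSION 6u
#define OVERHEAD  3u

/* Before: 32-bit arithmetic wraps silently for very long strings. */
uint32_t quoted_size_unchecked(uint32_t len) {
    return len * EXPANSION + OVERHEAD;
}

/* After: refuse any length whose worst-case size is not representable. */
int quoted_size_checked(uint32_t len, uint32_t *out) {
    if (len > (UINT32_MAX - OVERHEAD) / EXPANSION)
        return -1;
    *out = len * EXPANSION + OVERHEAD;
    return 0;
}

/* Builds a quoted source literal; returns NULL on overflow or allocation failure. */
char *quote_string(const uint16_t *s, uint32_t len) {
    static const char hex[] = "0123456789ABCDEF";
    uint32_t size, i;
    char *buf, *p;

    if (quoted_size_checked(len, &size) != 0)
        return NULL;              /* length rejected before any allocation */
    buf = malloc(size);
    if (buf == NULL)
        return NULL;
    p = buf;
    *p++ = '"';
    for (i = 0; i < len; i++) {
        uint16_t c = s[i];
        if (c >= 0x20 && c < 0x7F && c != '"' && c != '\\') {
            *p++ = (char)c;       /* printable ASCII is copied as-is */
        } else {
            *p++ = '\\'; *p++ = 'u';
            *p++ = hex[(c >> 12) & 0xF]; *p++ = hex[(c >> 8) & 0xF];
            *p++ = hex[(c >> 4) & 0xF];  *p++ = hex[c & 0xF];
        }
    }
    *p++ = '"';
    *p = '\0';
    return buf;
}
```

With the unchecked calculation, a length of 715827883 yields a size of 5, far smaller than the data the loop would then write; the checked version rejects that length.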

Thunderbird shares the browser engine with Firefox
and would be vulnerable if JavaScript were to be enabled in mail. This is not
the default setting and we strongly discourage users from enabling
JavaScript in mail.

Workaround

Disable JavaScript until you can upgrade to a fixed version. Do not enable
JavaScript in mail clients such as Thunderbird.